— Businesses need to urgently prepare for the arrival of EU GDPR compliance regulations, or risk being among the first to be penalised when the regulations take effect in 12 months’ time, according to Commvault.–

Brussels, Belgium, Reading, UK, and Tinton Falls, N.J. – May 25, 2017 – Businesses need to urgently prepare for the arrival of EU GDPR compliance regulations, or risk being among the first to be penalised when the regulations take effect in 12 months’ time, according to Commvault (NASDAQ: CVLT), a global leader in enterprise backup, recovery, archive and the cloud. Corporate complacency is one of the biggest barriers to GDPR compliance with many organisations yet to implement either suitable processes or technology. With instances of intrusions such as ransomware and leakware on the rise, failure to implement a secure data management platform can result in organisations facing damaging financial penalties.

Pegged as the toughest piece of privacy regulation in the world, and the most significant privacy regulation update since 1995 when the original Data Protection Directive was launched, GDPR was passed in April 2016 and will take effect on May 25, 2018. It is designed to pass the balance of power back to individuals in how their data is processed and has far reaching implications for any global organisation that manages personal information of EU citizens.

“GDPR has been on the radar of European countries for a while now, but we haven’t seen many organizations actively taking steps to become compliant, so now it is crunch time,” said N. Robert Hammer, chairman, president and CEO, Commvault. “You don’t want to be the company in the first week of June 2018 that is used as the poster child for the harsh reality of the penalties laid out by the regulations. “There is still plenty of time for organizations to ensure compliance in time for the May 2018 deadline, but they need to move quickly and strategically, and this is where Commvault can help.”

Commvault can help companies meet specific articles and principles of GDPR, including the right to be forgotten, data protection by design and by default, ensuring ongoing confidentiality, integrity, availability and resilience, 72-hour data breach notification, data minimization principle, data transfers and portability, and more. To tackle these specifications from GDPR, the Commvault Data Platform indexes content from the data that it touches, uniquely providing a single point for organisations to locate Personally Identifiable Information in unstructured data, whether in backups, archives, core enterprise, private and public cloud environments, and also in Endpoint Protection.

The Commvault Data Platform has been built with security in mind and provides organizations with the ability to identify, mitigate and recover from cyber attacks. Commvault utilizes sophisticated intrusion detection software to enable organizations to recognize threats such as ransomware, or the lesser-known leakware, which exposes personal customer data to the public unless a ransom is paid. By being aware of ongoing threats, companies are better able to protect Personally Identifiable Information and maintain GDPR compliance – even when vital systems are under attack.

“Good data management practices are key to GDPR compliance success. Understanding where you have personal data – in which applications, on-premises or in the cloud, which processes use this data, and who owns it – is an important first step,” said Carla Arend, Program Director, IDC. “If you have not started to prepare, get started now; getting GDPR compliance right takes time. Most European organizations have started preparations, but those outside the EU need to understand how this regulation applies to them as well. A good starting point is addressing unstructured data and devising data governance and management processes that cover data from edge devices to the data center to the cloud.”

The legislation includes the new ‘data protection officer’ concept, which is a role to monitor compliance, and it can be filled by someone from the company staff or by an outsourced vendor. Likewise, companies must adapt their own systems or go for an outsourced approach.

“Many SMEs will opt for the outsourcing,” said Ricardo de la Cruz, Product Manager, Security and Private Cloud, ACENS, “so they will have to depend on a reliable entity to meet their obligations and ensure confidentiality and availability for their data. In this scenario trusted suppliers like Acens and Commvault are key.”

Many organizations across the world are already using the Commvault Data Platform to ensure that their data management processes are robust enough to build fully GDPR compliant processes on top.

“We discovered the full potential of Commvault Platform during a transformation workshop organised by the company, as part of which Commvault assessed our organization’s maturity in the areas of data management and information,” added Przemysław Wesołowski, IT Infrastructure Director, PGNiG SA. “The workshops resulted in recommendations that delivered greater competitive advantage to our business by making different data sets more immediately and easily visible to our executives, as well as providing greater speed and accuracy in terms of compliance – a critical factor when our business has so much commercially sensitive data and the impending GDPR legislation requirements incoming into effect in 2018.”

Commvault is a leading provider of data protection and information management solutions, protecting and enabling digital business. Commvault helps enterprises worldwide activate their data to drive more value and business insight and to transform modern data environments. With solutions and services delivered directly and through a worldwide network of partners and service providers, Commvault solutions comprise one of the industry’s leading portfolios in data protection and recovery, cloud, virtualisation, archive, file sync and share. Commvault has earned accolades from customers and third party influencers for its technology vision, innovation, and execution as an independent and trusted expert. Without the distraction of a hardware business or other business agenda, Commvault’s sole focus on data management has led to adoption by companies of all sizes, in all industries, and for solutions deployed on-premises, across mobile platforms, to and from the cloud, and provided as-a-service. Commvault employs more than 2,700 highly skilled individuals across markets worldwide, is publicly traded on NASDAQ (CVLT), and is headquartered in Tinton Falls, New Jersey in the United States. To learn more about Commvault — and how it can help make your data work for you — visit www.commvault.com.

Safe Harbor Statement

Customers’ results may differ materially from those stated herein; Commvault does not guarantee that all customers can achieve benefits similar to those stated above. This press release may contain forward-looking statements, including statements regarding financial projections, which are subject to risks and uncertainties, such as competitive factors, difficulties and delays inherent in the development, manufacturing, marketing and sale of software products and related services, general economic conditions and others. Statements regarding Commvault’s beliefs, plans, expectations or intentions regarding the future are forward-looking statements, within the meaning of Section 27A of the Securities Act of 1933, as amended and Section 21E of the Securities Exchange Act of 1934, as amended. All such forward-looking statements are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Actual results may differ materially from anticipated results. Commvault does not undertake to update its forward-looking statements. The development and timing of any product release as well as any of its features or functionality remain at our sole discretion.